Red Hat Bugzilla – Bug 1264005
when dropping privileges secondary user groups are not loaded
Last modified: 2016-08-08 20:08:47 EDT
Created attachment 1074381 [details]
data for reproducer
Description of problem:
When mock drops privileges it loads only primary group and UID of the user and over
os.setgroups() loads only mockgig
Version-Release number of selected component (if applicable):
Name : mock
Arch : noarch
Version : 1.2.12
Release : 1.el7
Size : 952 k
Repo : installed
From repo : epel
Well this is an issue if you are going to use mock via retrace server.
Steps to Reproduce:
1. Download attached package
2. Change owner to be different from your user
3. Change group to be some different from your primary group, bu you must be member of the group
4. ensure all dirs and files have access rights 770
5 run: /usr/bin/mock --configdir <path to the mock config dir> shell
ERROR: Could not find required config file: <path to the config>
ERROR: Did you forget to specify the chroot to use with '-r'?
ERROR: If you're trying to specify a path, include the .cfg extension, e.g. -r ./target.cfg
mock chrooted shell
As written in description.
We are switching from UID/GID 0/0 to USERHELPER_UID. (sudo is not used anymore imho)
UID is correctly recognized as int(os.environ['USERHELPER_UID']).
GID is fine as well, but as other groups we set only mockgid.
We should also append users secondary groups.
#import pdb; pdb.set_trace()
unprivUid = os.getuid()
unprivGid = os.getgid()
if os.environ.get("SUDO_UID") is not None:
unprivUid = int(os.environ['SUDO_UID'])
unprivGid = int(os.environ['SUDO_GID'])
if os.environ.get("USERHELPER_UID") is not None:
unprivUid = int(os.environ['USERHELPER_UID'])
unprivGid = pwd.getpwuid(unprivUid)
uidManager = mockbuild.uid.UidManager(unprivUid, unprivGid)
Something like could be nice (the primary group is listed but it could be removed easily):
>>> user= "lherbolt"
>>> [g.gr_name for g in grp.getgrall() if user in g.gr_mem]